Long-awaited parallel (threaded) queries arrive in MSTICPy! 🏃‍♀️🏃‍♀️🏃‍♀️
Split big queries into separately executing chunks or across multiple workspaces and clusters.
🚨Small update for TokenTacticsV2
▫️Two new device platforms
▫️Linux, since it's now supported by Conditional Access
▫️OS/2, because it's not 😁
https://t.co/LEokd5OSzs
@svrooij @janbakker_ @DrAzureAD MS indicated that they would release conditional access policies that restrict the issuance of family refresh tokens. I don’t believe that ever came to fruition.
Official confirmation from Microsoft that there is no supported way to rotate or change DPAPI backup keys!
Compromised keys? ➡️ Burn the domain and rebuild a new one 💥
I know a lot of excellent people are looking for jobs right now. We have several openings at @redcanary, including my peer, Senior Director of Detection Engineering, and a Threat Hunter on a team I lead. I hope you'll consider applying or sharing. https://t.co/7sLoewwJGr
Small update to roadtx, with thanks to @Flangvik for the idea: you can now do the interactive authentication with a "borrowed" ESTSAUTHPERSISTENT cookie from a browser, to get tokens or have an authenticated browser session.
New blog is out!
OneDrive to Enum Them All
https://t.co/LqEVPLTd1n
Major updates:
• database storage
• logging of previous runs
• easily append digits or strings to usernames
• stale job detection
• skip tried usernames
Special thanks to @DrAzureAD and @thetechr0mancer!
@DrAzureAD brings some valid points. A MemberLevel user can read CA Policies. This has not always been understood, since the GUI and MS Graph require roles for this, but the Azure AD Graph API does not. It also means that if you have gaps in CA, those can be read by a normal user.
Next version of #AADInternals will be published during the @BlackHatEvents #BHAsia on May 11th at #BHArsenal!
Some teasers:
◾ Exploitation tooling for findings covered in our Briefings talk with @SravanAkkaram 😈
◾ Totally re-written token handling 🤞
◾ Automatic FOCI client handling (thx to @detectdotdev) 🔥
I've long been interested in how EDRs work under the hood and how we can apply a more evidence-based approach to evasion. I'm happy to announce that I've written a book covering these topics with @nostarch which is now available for preorder 🎉
https://t.co/tHSWnVzuMX
This quarter @Secureworks had two researchers in the @msftsecresponse researcher leaderboard🔥 Congratulations to all other researchers who made it, great job everyone!
My colleague @SantasaloJoosua has had a fantastic streak this year keeping us all safe - so proud of working with him ❤
https://t.co/yteYp7A104
#WeWorkForSecureworks
New chapter of #AzureAD Attack & Defense Playbook: Are you looking for a way to track and verify your identity security posture? @samilamppu, @PitkarantaM and I have worked on a solution which also includes comparison to recommendations and #MITRE mapping.
https://t.co/ty6VBOlCsa
I'll deliver a workshop, "Tokens, everywhere!" at @NorthSec_io, Montreal 🇨🇦 in May! In this hands-on deep-dive, I'll cover #AzureAD #OAuth implementation, different token types, #FOCI, and various attack scenarios.
Check out details and get tickets at https://t.co/FDUL6qmFZ0